11 Security and MIDlet Signing

This chapter describes how to sign MIDlets and how to work with MIDlet suite security. The Oracle Java ME SDK provides tools to sign MIDlet suites, manage keys, and manage root certificates.

MIDP 2.1 (JSR 118) includes a comprehensive security model based on protection domains. MIDlet suites are installed into a protection domain that determines access to protected functions. The MIDP 2.1 specification also includes a recommended practice for using public key cryptography to verify and authenticate MIDlet suites.

The general process to create a cryptographically signed MIDlet suite is as follows:

The MIDlet author, probably a software company, buys a signing key pair from a certificate authority (the CA).

The author signs the MIDlet suite with the signing key pair and distributes their certificate with the MIDlet suite.

When the MIDlet suite is installed on the emulator or on a device, the implementation verifies the author's certificate using its own copy of the CA's root certificate. Then it uses the author's certificate to verify the signature on the MIDlet suite.

After verification, the device or emulator installs the MIDlet suite into the security domain that is associated with the CA's root certificate.

11.1 Security Domains

maximum. All permissions are granted to MIDlets in this domain. Maximum is the default setting.

unidentified_third_party. Provides a high level of security for applications whose origins and authenticity cannot be determined. The user is prompted frequently when the application attempts a sensitive operation.

identified_third_party. Intended for MIDlets whose origins were determined using cryptographic certificates. Permissions are not granted automatically, but the user is prompted less often than for the unidentified_third_party domain.

11.2 Setting Security Domains

In the SDK, when you use Run Project via OTA your packaged MIDlet suite is installed directly into the emulator where it is placed in a security domain. The emulator uses public key cryptography to determine the appropriate security domain.

If the MIDlet or MIDlet suite is not signed, it is placed in the default security domain.

If the MIDlet or MIDlet suite is signed, it is placed in the protection domain that is associated with the root certificate of the signing key's certificate chain. See the topics "Signing a Project" and "Signing a Project With a Key Pair."

If your project is a MIDlet suite, the entire suite is signed (the individual MIDlets contained within are not).
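The signing flow described in the chapter introduction and the domain assignment rule in this section, as an added Go example that is not part of the Oracle Java ME SDK or its tools. It works with the JAD attributes MIDP 2.1 defines for a signed suite (MIDlet-Jar-RSA-SHA1 and MIDlet-Certificate-1-1); the key pairs, certificates, the keystore-to-domain map and the JAR bytes are constructed test fixtures, and all function names are my own.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"math/big"
	"time"
)
func b64d(s string) []byte { b, _ := base64.StdEncoding.DecodeString(s); return b }
func digest(jar []byte) []byte { h := sha1.Sum(jar); return h[:] } // MIDP signs the SHA-1 of the JAR bytes
// Issue returns a new key pair's DER certificate and private key (test fixture); nil parent = self-signed root CA of the kind a device keystore holds, otherwise signer is parent's key.
func Issue(cn string, parent *x509.Certificate, signer *rsa.PrivateKey) ([]byte, *rsa.PrivateKey) {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn}, NotBefore: time.Now(),
		NotAfter: time.Now().Add(time.Hour), BasicConstraintsValid: true, IsCA: parent == nil, KeyUsage: x509.KeyUsageCertSign}
	if parent == nil {
		parent, signer = t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, signer)
	return der, key
}
// SignSuite adds the MIDP 2.1 signing attributes to a JAD: the author certificate as MIDlet-Certificate-1-1 (a longer chain continues as 1-2, 1-3, ...) and the RSA/SHA-1 JAR signature as MIDlet-Jar-RSA-SHA1.
func SignSuite(jad map[string]string, jar []byte, key *rsa.PrivateKey, certDER []byte) {
	sig, _ := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA1, digest(jar))
	jad["MIDlet-Jar-RSA-SHA1"] = base64.StdEncoding.EncodeToString(sig)
	jad["MIDlet-Certificate-1-1"] = base64.StdEncoding.EncodeToString(certDER)
}
// AssignDomain mirrors the installer: unsigned -> default domain; signed -> the author certificate must chain to a keystore root and the JAR signature must verify, then that root's domain applies; anything else is rejected.
func AssignDomain(jad map[string]string, jar []byte, roots *x509.CertPool, domainOf map[string]string, def string) (string, error) {
	if jad["MIDlet-Jar-RSA-SHA1"] == "" {
		return def, nil
	}
	cert, err := x509.ParseCertificate(b64d(jad["MIDlet-Certificate-1-1"]))
	if err != nil {
		return "", err // malformed or missing author certificate
	}
	paths, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	if err == nil { // chain is trusted; now the author key must have signed exactly these JAR bytes
		err = rsa.VerifyPKCS1v15(cert.PublicKey.(*rsa.PublicKey), crypto.SHA1, digest(jar), b64d(jad["MIDlet-Jar-RSA-SHA1"]))
	}
	if err != nil {
		return "", err // untrusted certificate or bad signature: the suite is not installed at all
	}
	return domainOf[string(paths[0][len(paths[0])-1].Raw)], nil // the root ending the verified path decides
}
```

A suite whose chain or signature fails verification is rejected outright rather than demoted to a weaker domain; only an unsigned suite lands in the default domain.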

11.2.1 Specify the Security Domain for an Emulator

Follow these steps to specify the security domain for an emulated device.

Select the device in the device selector.

In the Properties Window, expand the General properties, and for the Security Domain option, select a domain from the dropdown list.

11.2.2 Specify the Security Domain for a Project

Follow these steps to set a MIDlet Suite's security domain at runtime.

Right-click the package and select Run As > Run Configurations... from the context menu.

11.3 Signing a Project With a Key Pair

Devices use signing information to check an application's source and validity before allowing it to access protected APIs. For test purposes, you can create a signing key pair to sign an application. A key pair consists of the following:

A private key that is used to create a digital signature, or certificate.

A public key that anyone can use to verify the authenticity of the digital signature.

11.4 Managing Keystores and Key Pairs

Oracle Java ME SDK ships a default keystore named _main.ks in installdir\runtimes\cldc-hi\appdb. This keystore is automatically copied from your installation's default location to each instance of the default devices (the emulators). These instances are typically stored in:

username\javame-sdk\3.4\work\devicename

External devices have similar lists of root certificates, although you typically cannot modify them. When you deploy your application on an external device, you must use signing keys issued by a certificate authority whose root certificate is present on the device. This makes it possible for the device to verify your application.

11.5 Command Line Samples

These samples show literal paths on a sample system. You can replace the paths and options as you see fit. These samples contain line feeds to accommodate the book format. In practice, each command should be entered on a single line.

Generate a keypair.

As mentioned in "Managing Keystores and Key Pairs," Java ME includes a default keystore used for the emulators. For test purposes you can also create your own keypair, with its certificate, in a new keystore. For example: